Lucene search

7555 matches found

Prion
added 2020/02/13 3:15 a.m., 16 views

Hardcoded credentials

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcode...

10 CVSS, 9.5 AI score, 0.03657 EPSS
Exploits 1, References 1, Affected Software 10

Cvelist
added 2020/02/13 2:56 a.m., 27 views

CVE-2020-8964

TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcode...

9.7 AI score, 0.03657 EPSS
Exploits 1, References 1

CVE
added 2020/02/13 2:56 a.m., 82 views

CVE-2020-8964

CVE-2020-8964 affects TimeTools devices (SC7105/SC9205/SC9705/SR7110/SR9210/SR9750/SR9850/T100/T300/T550). Root cause: authentication bypass via a hardcoded cookie placed in t3.cgi (t3axs=TiMEtOOlsj7G3xMm52wB). Impact: remote attacker could bypass authentication with network access, aligning with...

10 CVSS, 9.5 AI score, 0.03657 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2020/02/11 3:15 p.m., 24 views

Hardcoded credentials

Inappropriate implementation in sharing in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to spoof security UI via a crafted HTML page...

4.3 CVSS, 6.2 AI score, 0.01915 EPSS
Exploits 1, References 9, Affected Software 7

OpenVAS
added 2020/02/11 12:0 a.m., 135 views

Eyes Of Network (EON) <= 2.4.2 Multiple API Vulnerabilities

Eyes Of Network (EON) is prone to multiple vulnerabilities over the API. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

9.8 CVSS, 9.4 AI score, 0.91874 EPSS
Exploits 9, References 5

Prion
added 2020/02/07 7:15 p.m., 13 views

Hardcoded credentials

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking" vulnerability...

4.3 CVSS, 7.1 AI score, 0.01327 EPSS
Exploits 1, References 3, Affected Software 1

Prion
added 2020/02/06 6:15 p.m., 24 views

Hardcoded credentials

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token...

5 CVSS, 9.3 AI score, 0.91874 EPSS
Exploits 4, References 2, Affected Software 1

Prion
added 2020/02/06 6:15 p.m., 20 views

Hardcoded credentials

An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due to a hardcoded credential used for serial programming, a related issue to CVE-2006-1002...

2.1 CVSS, 6.5 AI score, 0.02726 EPSS
Exploits 0, References 3

CVE
added 2020/02/06 5:54 p.m., 65 views

CVE-2012-6340

NETGEAR WGR614 v7 and v9 are affected by CVE-2012-6340 due to a hardcoded credential used for serial programming, enabling authentication bypass for local attackers. The issue is related to CVE-2006-1002. Affected component: the device firmware implementing serial programming authentication. Root...

4.6 CVSS, 5.4 AI score, 0.01173 EPSS
Exploits 0, References 3, Affected Software 1

ATTACKERKB
added 2020/02/06 12:0 a.m., 19 views

CVE-2020-8657

An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key hardcoded as EONAPIKEY in include/apifunctions.php for API version 2.4.2 by default for all installations, hence allowing an attacker to calculate/guess the admin access token. Recent assessments: Assessed Attack...

9.8 CVSS, 4.5 AI score, 0.91874 EPSS
In wild, Exploits 4, References 3

exploitpack
added 2020/02/06 12:0 a.m., 72 views

Cisco Data Center Network Manager 11.2 - Remote Code Execution

Cisco Data Center Network Manager 11.2 - Remote Code Execution !/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 -...

10 CVSS, 0.4 AI score, 0.85649 EPSS
Exploits 7

Positive Technologies
added 2020/02/05 12:0 a.m., 2 views

PT-2020-6507

Name of the Vulnerable Software and Affected Versions EyesOfNetwork version 5.3 Description The issue is related to the use of a hardcoded API key, EONAPI KEY, in the include/api functions.php file for API version 2.4.2. This allows an attacker to calculate or guess the admin access token,...

9.8 CVSS, 9.3 AI score, 0.91874 EPSS
Exploits 4, References 11

Prion
added 2020/01/30 2:15 p.m., 12 views

Hardcoded credentials

Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a JAR archive...

5 CVSS, 6.9 AI score, 0.01307 EPSS
Exploits 1, References 3, Affected Software 1

CVE
added 2020/01/30 1:25 p.m., 65 views

CVE-2013-1352

CVE-2013-1352 affects Verax NMS prior to 2.1.0, where an encryption key is hardcoded in a JAR archive. This creates a potential confidentiality risk if the key is exposed; CVSS v3.1 indicates a HIGH impact on confidentiality (network access, no privileges required). The provided connected documen...

7.5 CVSS, 7.6 AI score, 0.01307 EPSS
Exploits 1, References 3, Affected Software 1

NVD
added 2020/01/29 5:15 p.m., 19 views

CVE-2013-2567

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information...

7.5 CVSS, 7.5 AI score, 0.14572 EPSS
Exploits 6, References 5

Prion
added 2020/01/29 5:15 p.m., 17 views

Authentication flaw

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information...

5 CVSS, 6.8 AI score, 0.14572 EPSS
Exploits 6, References 5, Affected Software 2

Cvelist
added 2020/01/29 4:47 p.m., 22 views

CVE-2013-2567

An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information...

8.5 AI score, 0.14572 EPSS
Exploits 6, References 5

Prion
added 2020/01/28 10:15 p.m., 17 views

Hardcoded credentials

An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05TESCO, TESCO DCS-2102 1.05TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06FR, DCS-2121 1.06...

5 CVSS, 7 AI score, 0.16129 EPSS
Exploits 6, References 5, Affected Software 17

RedhatCVE
added 2020/01/28 1:9 p.m., 28 views

CVE-2020-1716

A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph...

9 CVSS, 1.9 AI score, 0.01269 EPSS
Exploits 1, References 3

OSV
added 2020/01/27 1:15 a.m., 1 views

CVE-2020-7999

The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOADAPIKEY and FILEDOWNLOADAPIKEY...

9.8 CVSS, 7.3 AI score
Exploits 0, References 1